redline | 05ffc155188b8e442a3c158c623001cf63c50758d6c0108f99beb17cb4eea2b8

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e75553603f2b4895a75a340aaaa70840_NeikiAnalytics.exe
Size

459KB
MD5

e75553603f2b4895a75a340aaaa70840
SHA1

1cd629840a11d5d03a4e9da7ff9cfcdff773f377
SHA256

05ffc155188b8e442a3c158c623001cf63c50758d6c0108f99beb17cb4eea2b8
SHA512

b689d1393a8ac39acea3280f8105fca56f9bc01d9ec9f8d7bcb97b2c63d9edf259856244c3730677525f5eada9ac66f17091584a12598463dbed39d44dde0000
SSDEEP

12288:xaiKQfPn+GEmc3Cu4nmR66JlZ4yNPURUFGkb:xzKQfP+3mECusmYM5NPCUFGK

Score

10^/10

redline zgrat infostealer rat

Malware Config

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral2/memory/4964-5-0x0000000002910000-0x000000000294C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-7-0x00000000029A0000-0x00000000029DA000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-9-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-33-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-72-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-69-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-67-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-65-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-63-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-61-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-59-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-57-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-55-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-53-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-51-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-49-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-47-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-45-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-43-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-41-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-39-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-37-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-35-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-31-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-30-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-27-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-25-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-24-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-21-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-19-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-17-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-15-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-13-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-11-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1
behavioral2/memory/4964-8-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 35 IoCs

resource	yara_rule
behavioral2/memory/4964-5-0x0000000002910000-0x000000000294C000-memory.dmp	family_redline
behavioral2/memory/4964-7-0x00000000029A0000-0x00000000029DA000-memory.dmp	family_redline
behavioral2/memory/4964-9-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-33-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-72-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-69-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-67-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-65-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-63-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-61-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-59-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-57-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-55-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-53-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-51-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-49-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-47-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-45-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-43-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-41-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-39-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-37-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-35-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-31-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-30-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-27-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-25-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-24-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-21-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-19-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-17-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-15-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-13-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-11-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline
behavioral2/memory/4964-8-0x00000000029A0000-0x00000000029D5000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4964	e75553603f2b4895a75a340aaaa70840_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e75553603f2b4895a75a340aaaa70840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e75553603f2b4895a75a340aaaa70840_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4964-2-0x0000000002440000-0x0000000002486000-memory.dmp

Filesize
280KB

Download
memory/4964-1-0x0000000000960000-0x0000000000A60000-memory.dmp

Filesize
1024KB

Download
memory/4964-3-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/4964-4-0x0000000000400000-0x0000000000817000-memory.dmp

Filesize
4.1MB

Download
memory/4964-5-0x0000000002910000-0x000000000294C000-memory.dmp

Filesize
240KB

Download
memory/4964-6-0x0000000005110000-0x00000000056B4000-memory.dmp

Filesize
5.6MB

Download
memory/4964-7-0x00000000029A0000-0x00000000029DA000-memory.dmp

Filesize
232KB

Download
memory/4964-9-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-33-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-72-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-69-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-67-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-65-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-63-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-61-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-59-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-57-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-55-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-53-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-51-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-49-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-47-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-45-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-43-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-41-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-39-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-37-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-35-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-31-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-30-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-27-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-25-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-24-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-21-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-19-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-17-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-15-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-13-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-11-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-8-0x00000000029A0000-0x00000000029D5000-memory.dmp

Filesize
212KB

Download
memory/4964-800-0x0000000007A40000-0x0000000008058000-memory.dmp

Filesize
6.1MB

Download
memory/4964-801-0x00000000080A0000-0x00000000080B2000-memory.dmp

Filesize
72KB

Download
memory/4964-802-0x00000000080C0000-0x00000000081CA000-memory.dmp

Filesize
1.0MB

Download
memory/4964-803-0x00000000081E0000-0x000000000821C000-memory.dmp

Filesize
240KB

Download
memory/4964-804-0x0000000002860000-0x00000000028AC000-memory.dmp

Filesize
304KB

Download
memory/4964-807-0x0000000002440000-0x0000000002486000-memory.dmp

Filesize
280KB

Download
memory/4964-806-0x0000000000960000-0x0000000000A60000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads